A day after Apple announced its well received two-step verification process, The Verge is reporting that Apple has a huge security hole. For users who haven’t activated the two-step process, the password for their Apple ID can be reset by anyone with just their email address and their birthdate. According to the report, there is a guide available online that shows would-be hackers how to get past Apple’s current security with a few modified URLS.

Even worse? As The Verge reported and a Fast Company reporter confirmed, activating the two-step verification will take three days, according to an Apple notification.